Skip to content

Virtual Appliance Setup

LogSentinel SIEM can be installed as a virtual appliance on any hypervisor that supports OVA/OVF, including VMWare ESX, Microsoft Hyper-V, Oracle VirtualBox, Citrix XenServer and more.

The virtual appliance is provided by the LogSentinel team and is automatically configured after deployment via the hypervisor. After the initial configuration, the appliance shows the URL that LogSentinel SIEM is accessible from.

The SIEM can be cofnigured further by logging into the appliance using root/logsentinel (the system then requests the password to be changed immediately). All necessary properties can be changed in /var/logsentinel/

Through those properties multiple appliances can be run in a cluster. For running in a cluster, seek support from a LogSentinel partner/integrator or contact us directly.

IP assginment

If DHCP is enabled, the appliance gets the IP address automatically.

If no DHCP is available, the relevant details (IP, mask, gateway and DNS) can be specified on the first run when prompted.


Updates, including new reports, rules, saved searches, are distributed in a single, self-contained jar file that has to be copied to /var/logsentinel/logsentinel.jar on each deployment of the LogSentinel SIEM appliance. After the jar is placed, the service should be restarted (sudo service logsentinel restart). In highly-available clusters make sure that nodes are not restarted simultaneously in order to avoid downtime.